undefined | Better HN

0 pointsDanBC7y ago0 comments

Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

It's not a minimum.

0 comments

frereubu7y ago

I think this is a common misinterpretation though because of the lanauge - that the maximum fine is actually the minimum, because the figures that are talked about are "€20m or 4% of global turnover, whichever is the greatest." It's the emphasis on "the greatest" that has an undercurrent of "we're going to fine you the maximum of these two numbers."

StavrosK7y ago

I'm not sure what you mean by "actually the minimum". They will find you the maximum of those two numbers, at most, if you flagrantly disregard the law.

frereubu7y ago

Yeah, this is the confusion - it's difficult to write it out in a way that isn't ambiguous! I think the fact that there are two numbers, the higher of which is the maximum fine, may imply to some people that the lower figure is the minimum - i.e. if 4% of your global turnover is €100m then €20m is the minimum - but of course there in fact isn't a minimum. It might have helped comprehension if there had been an arbitrary minimum figure - say €100 - to anchor the discussions.

2 more replies

omginternets7y ago

>Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

Nothing in the GDPR states this. It's obviously the intent, but ultimately it's left up to the bon vouloir of EU regulators.

It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

jdietrich7y ago

>It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

No it isn't. Read Article 83.

https://gdpr-info.eu/art-83-gdpr/

downandout7y ago

Neither Article 83 or 29 impose any actual limits. They say that those imposing fines should take some things into consideration. After which they can impose a multimillion-dollar fine.

1 more reply

shakna7y ago

Article 29 states this.[0]

[0] https://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

kingofhdds7y ago

It takes time, and real money to be compliant, and getting slow on this quite plausibly can make one a repeat offender. You can, of course, say "don't be slow then", however, when for an out-of-EU entity (be it biz, or NGO) simple math doesn't show it is worth the effort, then it makes perfect sense to stop offering services to EU. Which is a side effect of the legislation. OP apparently understands it puts GDPR in a bad light, so he says about "overreaction" in every topic related, and this post is likely comes as the response to the latest one.

DanBCOP7y ago

But merely being a repeat offender isn't enough to trigger the maximum fine.

You'd have to be a consistant repeat offender, with no effort made at remediation, with no cooperation with the regulator, and probably handling sensitive or financial data.

Here's a list of recent actions taken. I think the current maximum fine is £500,000. Have a look through a few of these hopefully it's somewhat reassuring.

https://ico.org.uk/action-weve-taken/enforcement/

kasey_junk7y ago

Note that this is the UK agency, you might see different behaviors if you scanned the Belgian regulators enforcement list.

1 more reply

matwood7y ago

> It takes time, and real money to be compliant, and getting slow on this quite plausibly can make one a repeat offender.

When I read things like this I realize how many companies are not treating user data as they should. Protecting user data should already be built into the company software and process.

Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

kingofhdds7y ago

As a user I suppose they should do whatever satisfies me, and I'm not always need a bunch of populists from EU parliament, who can't write a clear text, run to save me, making field even more favorable for big corpos at the expense of SMEs, and small non-profits in the course of action.

>Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

That would be good news for the EU, of course. Even before GDPR, entrepreneurs were routinely advised to incorporate in US instead, and the legislation likely added incentives for that.

DanBCOP7y ago

Yes. We've had PECR for years. If companies are surprised by GDPR they're probably already violating PECR.

But, dispite this widespread non-compliance and fierce fines available to the regulators the sky hasn't fallen. Why do people think GDPR is sudden;y going to make things so much worse?

1 more reply

M2Ys4U7y ago

The whole world has had TWO YEARS to be compliant. "It takes time" is not an excuse.

kingofhdds7y ago

I didn't see the text TWO YEARS ago. Did you?

j / k navigate · click thread line to collapse

0 comments

frereubu7y ago

StavrosK7y ago

I'm not sure what you mean by "actually the minimum". They will find you the maximum of those two numbers, at most, if you flagrantly disregard the law.

frereubu7y ago

2 more replies

omginternets7y ago

>Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

Nothing in the GDPR states this. It's obviously the intent, but ultimately it's left up to the bon vouloir of EU regulators.

It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

jdietrich7y ago

>It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

No it isn't. Read Article 83.

https://gdpr-info.eu/art-83-gdpr/

downandout7y ago

Neither Article 83 or 29 impose any actual limits. They say that those imposing fines should take some things into consideration. After which they can impose a multimillion-dollar fine.

1 more reply

shakna7y ago

Article 29 states this.[0]

[0] https://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

kingofhdds7y ago

DanBCOP7y ago

But merely being a repeat offender isn't enough to trigger the maximum fine.

You'd have to be a consistant repeat offender, with no effort made at remediation, with no cooperation with the regulator, and probably handling sensitive or financial data.

Here's a list of recent actions taken. I think the current maximum fine is £500,000. Have a look through a few of these hopefully it's somewhat reassuring.

https://ico.org.uk/action-weve-taken/enforcement/

kasey_junk7y ago

Note that this is the UK agency, you might see different behaviors if you scanned the Belgian regulators enforcement list.

1 more reply

matwood7y ago

> It takes time, and real money to be compliant, and getting slow on this quite plausibly can make one a repeat offender.

When I read things like this I realize how many companies are not treating user data as they should. Protecting user data should already be built into the company software and process.

Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

kingofhdds7y ago

>Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

That would be good news for the EU, of course. Even before GDPR, entrepreneurs were routinely advised to incorporate in US instead, and the legislation likely added incentives for that.

DanBCOP7y ago

Yes. We've had PECR for years. If companies are surprised by GDPR they're probably already violating PECR.

But, dispite this widespread non-compliance and fierce fines available to the regulators the sky hasn't fallen. Why do people think GDPR is sudden;y going to make things so much worse?

1 more reply

M2Ys4U7y ago

The whole world has had TWO YEARS to be compliant. "It takes time" is not an excuse.

kingofhdds7y ago

I didn't see the text TWO YEARS ago. Did you?

j / k navigate · click thread line to collapse